HBO Max’s enormously popular television series “The Pitt” is receiving plaudits for its realistic depiction of the trials and tribulations of health care in an urban emergency room.
Now in its second season, which premiered on Jan. 8, 2026, the show follows Dr. Michael “Robby” Robinavitch (played by Noah Wyle) and his colleagues through a single 15-hour clinical shift, divided into one-hour episodes. The team treats patients against a backdrop of all-too-common American societal plagues, from substance use disorder to medical bankruptcies and mass shootings.
Spoiler alert: About halfway through the season, Dr. Robby and the staff at the fictional Pittsburgh Trauma Medical Center grapple with chaos ensuing from a less commonly depicted disaster – a hospital cyberattack. The hospital’s network and computers were incapacitated, resulting in scenes of millennial residents struggling with fax machines, laboratory orders disappearing in a shuffle of papers, and constant communication breakdowns culminating in a missed life-threatening diagnosis.
All this might prompt viewers to wonder: Does this actually happen in real life?
As physicians who study cyberattacks and their impact on patient care, we have seen many of the same events depicted in “The Pitt” play out in the real world.
These attacks have severe clinical consequences. In an unfortunate case of art imitating life, the show’s cyberattack story arc began on the same day that the University of Mississippi Medical Center suffered the same fate, resulting in the sudden closure of more than 30 affiliated clinics across the state while also disrupting Mississippi’s only Level I trauma center.
Modern health care is critically dependent on digital technologies, such as electronic health records, laboratory machines and radiology platforms, that shut down when hospital networks are taken offline. Losing access to these tools for prolonged periods of time puts patients’ lives at grave risk.
What’s at stake
The most dire real-life cyberattacks on hospitals involve ransomware, a class of malicious software that encrypts data and locks down computers and networks, demanding significant amounts of cash for the promise of relief. Unfortunately, these events are not rare. Comparitech, a cybersecurity research firm, recorded 445 ransomware attacks on hospitals and clinics in 2025 – a new peak following several years of annual increases.
Such attacks are especially dangerous for patients with time-sensitive emergencies like strokes, heart attacks or sepsis, but they affect hospital outcomes broadly. For example, a 2026 analysis of Medicare data found that hospitalized patients had a 38% higher risk of death during a ransomware attack.
Moreover, the health impacts of ransomware are not confined to the hospitals under attack. “The Pitt” demonstrates this phenomenon well in earlier episodes. When Westbridge, another hospital in the community, is struck first, a wave of patients arriving by ambulance strains Pittsburgh Trauma Medical Center’s already packed emergency room, leading to delays in care and overwhelming already-strained clinicians. Our team found that a hospital cyberattack cut the odds of surviving a cardiac arrest without devastating brain damage by nearly 90% at nearby hospitals, not just the one that was attacked.
And even when a hospital’s computer systems are restored and normal care resumes, a cyberattack leaves enormous financial damage in its wake. Class action lawsuits, fragmented billing and steep regulatory fines due to patient privacy breaches and other issues often result in tens to hundreds of millions of dollars of losses.
In the worst cases, hospitals or clinics in rural areas have been forced to shutter their doors, leaving their communities with one less place to receive care and exacerbating existing health care deserts.
Protecting cyber infrastructure
We have no doubt that Dr. Robby will rally his team to ultimately save the day from malicious cyberattacks on “The Pitt.” But what is the prognosis for the rest of us, in the real world?
The good news is that a number of efforts are underway to improve the cybersecurity of the U.S. health care system.
The federal government has recognized the particular risk posed to rural and critical access hospitals and has identified increased investment in cybersecurity technologies as one of the goals of the Rural Health Transformation Program, a US$50 billion package distributed across all 50 states.
Several states, including New York and Connecticut, have taken further action, enshrining new bills in 2025 and 2026 mandating hospitals develop specific cybersecurity plans to protect patients. And the Food and Drug Administration now evaluates the cybersecurity of new medical devices prior to their arrival to market, and can issue recalls of those found to have significant vulnerabilities.
Cybersecurity remains one of the few bipartisan issues on Capitol Hill. A health care cybersecurity bill co-sponsored by Senators Bill Cassidy, R-La., and Mark Warner, D-Va., introduced in December 2025, would require hospitals to adopt security practices, including multifactor authentication and data encryption, allocate additional grants for hospitals and clinics, and strengthen the pipeline for cybersecurity professionals working in the health care sector, among other provisions.
However, this problem isn’t going away. Artificial intelligence and the expansion of remote and virtual care mean that malicious hackers have sophisticated new tools and increased opportunities to target hospitals. Researchers like us will have to find new ways to prevent cyberattacks when possible and protect patients when they inevitably erupt.
This article is republished from The Conversation, a nonprofit, independent news organization bringing you facts and trustworthy analysis to help you make sense of our complex world. It was written by: Jeffrey Tully, University of California, San Diego and Christian Dameff, University of California, San Diego
Read more:
Jeffrey Tully is the co-founder of Inoculum Labs. He receives funding from the Advanced Research Projects Agency for Health. He is affiliated with the Healthcare and Public Health Sector Coordinating Council Cybersecurity Working Group.
Christian Dameff co-founded inoculum labs. He receives funding from ARPA-H.
